The Best Defense Is A Good Offensive Plan On Encryption

All of us who have a computer or smartphone is pleased to see the Obama administration moving away from law enforcement calls for banning or regulating cybersecurity. Our society is more dependent on information technology every day. Information security, often called cybersecurity, is critical to all of us all around the world.

We empathize with law enforcement because we’re in the same business, that of defending society. We are simply in a different part of the ecosystem of defense. Defense starts with prevention, moves to detection and protection, then to enforcement, and then to resolution. Hindering prevention to help cure is at best short-sighted, and we’re pleased to see that that is no longer on the table.

Defense starts with prevention, and that is where the private sector shines. We are making tools for everyone that prevent crime, prevent theft, prevent spying. After many years of work, we are finally starting to effectively combat the information security threats that everyday people at home and at work see. There is a long way to go, and many things to do, but we’re finally seeing progress in information security, and one of the core technologies we are using is encryption.

Encryption protects everyone from the theft of their phones and laptops by making those less attractive to steal. It protects the information lifeblood of their workplace by keeping thieves out of money transactions and out of the plans of their work itself. Nation states themselves are often actively part of the threat.

These threats come from everywhere, all countries, and even nation states themselves. Street crime of stealing smartphones is international — these phones end up being resold internationally. Fraud, spying, and interference with business practices is primarily an international threat. Personally and collectively, we’re faced with this international threat. Attacks on Sony, JPMorgan, Boeing, Community Health Services, and others all come from nation states. The US government itself from OPM to the highest parts of the DoD itself are all facing this barrage of attacks from other nations and their agents.

This is why our defenses have to be the best. Half-measures won’t work because the threats come from the best cyberattackers there are. They are backed by the Kremlin, the People’s Liberation Army, and others. If cybersecurity is not the best there is even on the humblest phone, then these attacks will overwhelm us.

Law enforcement, is of course part of the total solution. Those of us on the front lines appreciate the hard work and dedication that they do in every country there is. We also know that they’re overwhelmed as it is. They lack resources, they have to attract people from more lucrative jobs in industry, and start off behind the curve.

As attractive as it might sound to hinder prevention to help a cure, this is a losing strategy. Every smartphone that isn’t stolen is a crime they don’t have to solve. Every encrypted database, every SSL link, every encrypted laptop, every other obstacle we put in the way of these nation-state, international attackers eases the already overwhelming burden that law enforcement has.

That is why it is so important that governments listen to their commerce departments, their intelligence departments, and cybersecurity departments and strengthen the cybersecurity of every phone, computer, and server on the worldwide network. There is no doubt about it. There is no back door, there are only front doors. We cannot weaken prevention for the sake of cure. We cannot weaken cyberdefense for the sake of cyberenforcement. We applaud government realizing and acting upon this.